Cloud security, cyberwar dominate RSA Conference


BY TIM GREENE

SAN FRANCISCO — Cloud security was a major theme at RSA Conference last week, but worry about cyberwar was also prominent. In fact, officials from the White House and FBI were there to encourage private participation in government efforts to defend information and communications networks.

A former technical director of the National Security Agency bluntly said he doesn’t trust cloud services. Speaking for himself and not the agency, Brian Snow said cloud infrastructure can deliver services that customers can access securely, but the shared nature of the cloud leaves doubts about attack channels through other users in the cloud. “You don’t know what else is cuddling up next to it,” he said.

In  his  keynote  address,  Art  Coviello,  the  president  of  RSA, 


“[Cloud] service providers should be able to tell compliance officers and auditors just about anything they need to know.”

ART COVIELLO, RSA PRESIDENT

CLEAR CHOICE TEST: SSL-VPN

Microsoft delivers robust SSL VPN tool

Forefront UAG provides enterprise-grade, software-based remote access.


4G nets on the way, but they’ll take time

BY  BRAD  REED 

IF CELLULAR technologies were like Harry Potter movies, then we would be in that waiting period between new releases. 4G is on the horizon, and you can expect lots of exciting trailers and teasers in the interim, but don’t expect to see any real action until the latter half of the year.

By the end of 2010, Clearwire plans to have built out its 4G WiMAX network to all major markets in the United States and Verizon expects to be offering its 4G Long-Term Evolution (LTE) services commercially in 25 to 30 major U.S.

FROM THE EDITOR JOHN DIX

Sizing up the big computing players




If  HP’s  recently  posted  first  quarter  results  are  any 
indication  of  larger  industry  trends,  things  are  indeed 
beginning  to  look  better.  Sales  in  the  quarter  ended  Jan.  31 
were  up  8%  to  $31  billion  compared 
with  the  same  period  a  year  ago,  and 
profits  jumped  25%  to  $2.3  billion.  In 
fact,  HP  is  now  predicting  it  will  grow 
6%  to  7%  this  year. 

That’s a far cry from 2009 when HP and its computing brethren took it on the chin. Last year, collective sales for the industry’s three biggest players — HP, IBM and Dell — were off a cool $20 billion, roughly equal to the GDP of Jordan.

Of  that  group  Dell  suffered  the  most,  with  sales  last  fiscal  year  (ending  Jan.  29, 
2010)  falling  a  whopping  13%  to  $53  billion  and  profits  off  42%  to  $1.4  billion. 
While  IBM’s  sales  were  also  down  considerably  —  8%  to  $96  billion  —  it  reacted  so 
aggressively  it  actually  managed  to  end  the  year  with  profits  up  9%  to  $13.4  billion. 

Revenue-wise  HP  fared  the  best.  Sales  in  fiscal  2009,  which  ended  Oct.  31,  were 
only  down  3.2%,  but  that’s  largely  because  the  company  acquired  EDS  in  the 
middle  of 2008  and  had  that  new  revenue  to  report.  But  even  with  EDS  on  the 
books  profits  were  still  off  8%  at  $7.6  billion. 

Acquiring  EDS,  however,  has  enabled  HP  to  nicely  round  out  its  offerings, 
giving  it  one  of  the  broadest  portfolios  in  the  business,  a  fact  the  company  hopes  to 
leverage  to  strategic  advantage.  Services  accounted  for  30%  of  HP’s  revenue  last 
year  and  that  segment  has  reportedly  become  the  company’s  most  profitable. 

IBM  of  course  is  the  company  that  first  recognized  the  importance  of  services 
and  has  been  at  it  the  longest.  Its  service  revenue  passed  hardware  revenue  in  2001 
and  today  dwarfs  it,  accounting  for  57%  of  sales  to  hardware’s  17%. 

Dell  was  slow  to  realize  the  importance  of  services  but  last  November  moved  to 
make  up  for  lost  time  by  acquiring  Perot  Systems  for  $3.9  billion. 

But  even  as  the  big  three  grow  more  similar,  the  market  continues  to  evolve 
around  them.  It  will  be  interesting  to  watch,  for  example,  what  Oracle  will  do  with 
the  Sun  assets  it  acquired  for  $7.4  billion,  how  HP  will  try  to  leverage  the  network 
expertise  it  acquired  with  the  purchase  of  3Com,  and  what  Cisco’s  bold  new 
entrance  into  computing  will  mean. 

Perhaps more fundamental will be the shifts driven by the emergence of cloud computing. As much change as we’ve seen already, it is likely we’re in for a boatload more.
Google doesn't give a hoot about privacy

I WOULD LIKE to know how long it took Google to remove the video. (Re: Conviction of Google execs in Italy sheer madness; tinyurl.com/ych4x61.) Their reputation for not taking down books that they have scanned and posted when requested to do so by the *real* copyright holders is abysmal.

The American Psychological Association is irate with them as are many authors who have requested items be taken down and Google either does not comply or takes months to do so.

Their  response  to  the  Buzz  fiasco  was 
arrogant  as  can  be.  Personally,  I’ve  had  it 
with  them.  They  don’t  give  a  hoot  about 
your  privacy  and  want  to  put  every  bit  of 
digital  data  on  the  network  for  everyone 
to  access,  whether  they  own  it  or  not.  I 
have  no  sympathy  for  what’s  coming 
their  way  in  terms  of  lawsuits  from  many 
fronts. 

Anon 

THE LOGICAL REASON(S) behind this stuff is that the Euro currency is failing, and the Italian and other EU governments say, “Let’s get some real money in the coffers so we don’t go broke when our Euro fails. We can legally take it from the likes of Microsoft, Google, Intel and such companies. If they want to do business here, they’ll pony up.”

It’s sort of like the local speed traps around this country. Us local-yokels know about them and avoid them, but the out-of-towner that passes through gets pulled over, fined, and either has to hire a lawyer or pays the piper, and thus helps pay for services needed so as to help keep the local tax rates down.

These corporations that want to be world players in the so called “global economy” can either look at it as a) foreign government-sanctioned extortion or b) The new cost of doing global business.

Barefoot 


Encrypt  mobile  data 

A LOGIN PASSWORD and even BIOS password do not secure mobile computer data. (Re: Wi-Fi finders let thieves track down hidden laptops; tinyurl.com/ycvepse). Take out the hard drive, connect it to another machine, and your data is easily readable (some machines do have built-in hardware encryption, but not the average laptop).

All  mobile  devices  with  sensitive  data 
(including  flash  drives  and  external  hard 
drives)  should  have  that  data  encrypted, 
as  well  as  backed  up  somewhere  else. 

Be  cautious  with  Windows  built-in 
encryption  —  if  your  laptop  is  not  part  of 
a  “domain”  with  an  administrator  able 
to  recover  your  data  if  the  password  is 
lost,  or  the  hardware  damaged,  and  you 
do  not  religiously  back  up  data,  it  is  not 
straightforward  to  recover  it. 

Anon 

Users  share  blame  in 
software  vulnerabilities 

ANYONE WHO STUDIES statistics and probability knows about an anomaly called “degrees of freedom.” The probability of a code vulnerability and the difficulty of finding it increases geometrically as the volume of code increases. (Re: Microsoft: Don’t press F1 in Windows XP; tinyurl.com/yee67jw).

The metrics of software quality conflict with each other. We users are part of the problem. We want the software to work the way we want it to. This requires user customization to make it “user friendly.” That action complicates the solution and increases the degrees of freedom. Ethical software developers write code for an intended use, not for a malicious use. They try to defend against accidental misuse and guide the user with online interactive help toward the intended use. However, malware criminals look for unchecked degrees of freedom to exploit and defeat the software’s purpose to malicious ends.

Wisesooth 
Adios, Mariposa, we hardly knew you

SPANISH AUTHORITIES HAVE arrested three men in an operation that crushed a botnet called Mariposa. Much of the credit goes to a group of volunteers, dubbed the Mariposa Working Group, who disabled Mariposa's command-and-control servers and handed over information about the criminals to law enforcement. Mariposa-infected computers were linked to 13 million unique IP addresses, suggesting it’s one of the world's largest botnets (the notorious Conficker botnet has been linked to half as many IP addresses). The criminals used Mariposa for typical cyberscams: They stole banking credentials and launched distributed denial-of-service (DDoS) attacks. However, they didn't use it to push fake antivirus products, a move that helped keep Mariposa under the radar. "The bot was itself very silent," said Pedro Bustamante, a researcher with Panda Security. tinyurl.com/yajvhvg
Narus takes sleuthing to new levels

THE SAME company whose technology AT&T allegedly used to scan the wires for the National Security Agency has a new sleuthing tool that its CTO admits can do some pretty scary things. The program, created by Narus and code-named Hone, uses artificial intelligence to analyze e-mails and sift through millions of user profiles to flush out criminals operating anonymously on the Internet. Hone can analyze VoIP conversations and biometrically identify someone’s voice or photograph and then associate it with different phone numbers. “I can have a sample of your voice in English, and you can start speaking Mandarin tomorrow. It doesn’t matter; I’m going to catch you,” said Narus CTO Antonio Nucci. tinyurl.com/y9eefgo


Big  Blue  laser 
beams 

IBM RESEARCHERS are a step closer to developing chips that use pulses of light instead of electrical signals to carry information. The company has created a device called a nanophotonic avalanche photodetector that can transmit data at speeds up to 40Gbps using a 1.5 volt power supply. The light is carried over silicon circuits instead of copper wires. The device, which is made using existing semiconductor technology, is significant because it uses roughly 20 times less power than previous devices, IBM says. The goal is to build an on-chip optical interconnect that would allow the construction of computers capable of exaflop performance. A 1 exaflop computer would be nearly 600 times faster than the world’s most powerful computer, a Cray XT5 called Jaguar at the Oak Ridge National Laboratory in Tennessee. That box is benchmarked at 1.75 petaflops, which is 0.0175 exaflops. tinyurl.com/ydbex7f

Cisco  secures 
mobile,  cloud 
apps 

ANOTHER YEAR, another security architecture from Cisco. From Self-Defending Networks to TrustSec and now... Secure Borderless Networks. Announced at the RSA conference, Secure Borderless Networks is designed to provide “always on” security for mobile devices and establish controls over cloud-computing applications. (Cisco CEO John Chambers called cloud security a nightmare.) It involves enhancements to three Cisco products — the AnyConnect client, Adaptive Security Appliance and IronPort Web Security appliance — so they can work in unison to provide a VPN function and client protection that includes data-loss prevention and Web filtering. The main advantage: extending those capabilities to mobile devices. tinyurl.com/ybqqcnq


Google,  Equifax, 
Verizon  say 
they'll  play  nice 

A GROUP called the Open Identity Exchange is promising to abide by federal government guidelines for online privacy and security. That means no selling e-mail or Web usage information gleaned from a citizen’s electronic interaction with a government agency to a third party, nor using such information to advertise to the person. Founding members of OIX include Google, Equifax, PayPal and Verizon, among others. The federal government’s CIO Vivek Kundra “reached out to private industry on this” and encouraged the formation of OIX, says Dan Thibeau, the group’s chairman. tinyurl.com/yb3ud6t

Microsoft 
trumpets  R&D 

MICROSOFT PLANS to spend $9.5 billion on R&D this year, which COO Kevin Turner claims is $3 billion more than the next closest tech company (HP had about twice the revenue as Microsoft last year and only spent $2.8 billion). Much of Microsoft’s investments
McGuire's Law of Mobility: A Product's Value Increases with Mobility

Russ McGuire
VICE PRESIDENT OF STRATEGY, SPRINT NEXTEL

McGuire is responsible for developing the strategic vision and framework for the $30B+ telecommunications giant. He is the author of The Power of Mobility, a book about how businesses can prosper in the mobility revolution. His personal blog is www.mcguireslaw.com.

In line with the thinking of Gordon Moore and Robert Metcalfe, Russ McGuire says mobility will change everything about how people interact with the world around them—delivering untold value to consumers and redefining industry.


What is McGuire's Law?

McGuire’s Law says that the value of any product, service or process increases with its mobility. It’s essentially to the mobility revolution what Metcalfe’s Law was to the Internet revolution and what Moore’s Law was to the PC revolution.

What impact can mobility have on businesses?

Mobility will eventually be integrated into every product, service and process. The impact will be as great, or greater, than the impact of the PC or the Internet. Building mobility into products can redefine them and restructure the industries around them. We see that in e-readers, which have changed consumer buying decisions and publishing strategies. With services and processes, mobility will increase productivity and customer value while reducing costs by as much as 20 to 40 percent.

How can true innovators upstage their competition?

Companies that embrace mobility are redefining entire industries. Look at how Avis took the rental car return process from inside the building to where consumers pull up in their cars, creating new value. It defined the process around what works for Avis, while the competition followed at a natural disadvantage. In the short term, customers want to do business with innovators who break the rules and serve them better. In the long term, those innovators structure industries to play into their hands.

What is the role of unified communications in mobility?

Mobility is derived first from IP, delivering a network connection that is no longer bound to a physical address; and second from wireless communications. It’s important to leverage both the IP and wireless aspects of mobility so employees can be fully productive no matter where they are. Unified communication tools enable companies to mobilize employees through the “work anywhere” capabilities they provide.

Can you illustrate how the power of mobility has been harnessed?

I’ll give you three compelling examples. TeleNav leveraged GPS in mobile handsets using software. Instead of charging $1,000 for a new personal device, the company charged only a $10 monthly fee—creating an easier buying decision that blew the market open. Montclair State University issued cell phones to its students with built-in security and shuttle bus tracking software. In addition to better communications, the university gained the loyalty of students—they felt safer and better connected to the campus. A health insurer gave at-risk mothers-to-be push-button phone access to nurse practitioners. The move yielded better health outcomes for the moms and babies and improved financial performance for the insurer.

What's your take on the future? What role will 4G play?

In the future, any product that has a microprocessor will have wireless connectivity, so everything that can process data will have full-time connectivity. That will have a huge impact on how we interact and how we do business. 4G contributes to that in several important ways. First, 4G offers more bandwidth, providing a seamless, uninhibited path forward. Second, it introduces lower-cost components with Intel driving the commoditization of WiMax chips. And third, 4G will bring lower network costs of one-fourth or one-fifth the cost of 3G. The mobility applications that we can’t justify today because of 3G constraints will be no-brainers in the future.


DNSSEC on right track

VERISIGN IS reporting no serious problems with its ongoing deployment of DNS Security Extensions on the Internet’s root servers and on the top-level domain servers that it operates, including the systems that power the popular .com and .net domains. Matt Larson, vice president of DNS Research at VeriSign, says the registry operator is on schedule with its rollout of DNSSEC, an emerging Internet standard that prevents spoofing attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption. "The planned date for the root servers supporting DNSSEC is July 1, and we're still proceeding with that date,” Larson says.

"We’ve started rollout of the signed root on two of the 13 root servers, and those deployments have gone well... Everything is proceeding nicely with the root servers, and the same is true with .com, .net and .edu.”


Beware  the  Wi-Fi 
sniffers 


STUFFING YOUR company laptop into the car trunk or even a locker, without turning off its Wi-Fi radio, can be an open invitation to thieves, according to Credant Technologies. Thieves with increasingly sophisticated, directional Wi-Fi detectors can home in on the laptop's radio, tracking it down even when the PC is hidden away. A statement by the mobile security software vendor highlighted a recent warning from a security specialist at University of Technology, in Jamaica. He said that it appeared crooks running a lottery scam on the island were using stolen laptops to do so. They tracked down the often out-of-sight computers using Wi-Fi radio detectors.

Latest smartphone legal fight: Apple vs. HTC... and Google

APPLE FILED a lawsuit last week against HTC, claiming that the company is infringing 20 Apple patents. The patents are related to the iPhone user interface, and the smartphone’s underlying architecture and hardware. Notably, HTC phones such as the Nexus One include those that use Apple rival Google's Android mobile OS. "We can sit by and watch competitors steal our patented inventions or we can do something about it," the statement quoted Apple CEO Steve Jobs as saying. "We've decided to do something about it." HTC, however, says it develops its own technology.


will center around cloud services, Turner said in a keynote speech at Cebit. “Especially in light of the tough difficult macroeconomic times that we’re coming out of, we chose to really lean in and double down on our innovation,” Turner said. tinyurl.com/ye7r5w7


IT  seeing  more 
green  lights 

MORE IT projects are getting green-lighted amid signs of recovery, a new survey shows. Among 1,400 CIOs polled by Robert Half Technology, 37% intend to implement software and hardware upgrades that had been deferred due to poor economic conditions in 2009. Another 16% plan to roll out virtualization projects that were previously shelved, and the same percentage said Web site design initiatives would get the go ahead. Other project priorities include Internet collaboration/technology tools (cited by 12% of CIOs), cloud computing initiatives (11%), and company-branded social media sites (10%). tinyurl.com/yc28ztn

Troops  OK 
to  Tweet 

FOLLOWING A ban on social networking by some sectors of the U.S. Department of Defense, the agency has decided that social networking is integral to operations and is to be encouraged. “Service members and DoD employees are encouraged to use new media to communicate with family and friends — at home stations or deployed — but it’s important to do it safely,” the Defense Department said. The new policy means the Marines will have to reverse its ban on social-network sites like Facebook, MySpace and Twitter. If things get out of hand, Defense Department IT workers are authorized to temporarily limit Internet access to address bandwidth constraints or preserve operations security, the new policy says. tinyurl.com/ya33gn5

Google  Apps  gets 
serious  backup 

GOOGLE IS promising stellar disaster-recovery protection in its efforts to woo big IT groups to its Apps suite. The vendor just extended its data backup and recovery services to all components of the Google Apps communication and collaboration suite. Every morsel of data entered into or modified in any of the Apps’ components, such as Gmail, the Docs office suite, Sites and Calendar, is protected, the company says. “Anytime you change any data in Apps, whether writing a sentence in a document or changing a cell in a spreadsheet, in the background we go and write that data to multiple servers within one data center and also in other data centers,” said Rajen Sheth, Google Apps senior product manager. The level of protection, both in terms of the amount of data preserved and of service restoration time, is typically only affordable to very large companies and cloud computing vendors, Google claims. tinyurl.com/y8m67tk
The man behind Windows Phone design

One of the key figures in redefining the Windows experience on smartphones is Albert Shum, who’s been with Microsoft for barely two-and-a-half years. His previous employer for 12 years: sneaker manufacturer Nike, where he worked in design. Shum was offered the job of director of “Mobile Experience Design” for the Windows Phone group, with the challenge to recreate the operating system’s user interface in a way that would let users “emotionally” connect with Windows smartphone.


Albert  Shum 


Importing  outsiders  with  fresh  eyes  and 
ideas,  and  giving  them  a  free  hand,  is  one  side 
of  the  coin.  The  other  is  pairing  outsiders  like 
Shum  with  veteran  insiders  who  are  invested 
in  and  responsible  for  re-creating  a  growth 
business. Andrew Lees, who grew Microsoft’s
server products into a multi-billion dollar
franchise, took over the company’s Mobile
Communications Business about three years
ago. He’s brought in top marketing, engineering
and developer relations talent from other
business  units,  such  as  the  Zune  media  player 
and  Windows  Media  Center  projects. 

The  work  of  Shum  and  his  colleagues  on 
redesigning  the  mobile  user  experience  for 
Microsoft  customers  is  the  first  visible  result 
of  this  effort,  and  Windows  Phone  7  was 
unveiled  last  month. 

With  Windows  Phone  7,  smartphone  users 
start  with  three  buttons  at  the  bottom  of  the 
screen:  start,  search  and  back.  The  initial  lock 
screen  gives  way  to  a  completely  redesigned 
start  screen  (what  Shum  and  others  call  the 
“Start  Experience”).  Microsoft  has  discarded 
the  familiar  grid-like  display  of  application 
icons. 

Shum spoke with Network World Senior Editor
John Cox to explain it all.

You’ve said elsewhere
that you don’t want to just
“enhance the experience,
but make a deeper emotional
connection with products.”
What do you mean by that?

One  of  our  key  experience  threads  is  making 
it  personal.  How  do  you  make  a  product 
personal?  The  answer  is:  with  the  user’s 
content.  Consumers  want  their  content  on 
their device. Our live tiles make the user
interface come alive through your content.

That’s especially the case with touch interfaces:
we let you use your content to navigate.
You’re directly interacting with things that
you want or that are important to you. The
picture you [just] took gives immediate content,
and all your pictures are in one place. We
create contextual relevance through content,
and that makes [the experience] more personal.
It’s not just a static icon for photos.

How  did  you  come  up  with 
the  combination  of  live  tiles, 
grouped  into  hubs? 

We  focused  on  the  end  users.  When  we  did 
that,  we  found  that  people  were  juggling  a  lot 
of  things,  like  writing  an  e-mail,  then  taking 
a  picture,  and  then  sharing  it  on  Facebook. 
People  needed  a  way  to  ground  themselves, 
when  you’re  juggling  all  these  moments  in 
your  life.  We  addressed  this  in  part  in  our 
[Windows  Phone  7]  Start  Experience:  we 
developed  what  we  call  “glance  and  go.”  It’s 
about  presenting  [meaningful]  information 
immediately,  without  having  to  go  drilling 
down.  At  the  same  time,  as  you  glance  and 
go, you can also take action on small “snack-bite”
activities.

Our  Start  Experience  is  a  way  to  navigate 
[your  information]  but  also  a  way  to  give  you 
always  updated  information. 

But you also want a richer, more immersive
experience. The “hubs” are a place to
kind  of  “hang  out.”  To  get  music,  hang  out 
in  the  music  hub,  where  you  can  find  what’s 
new.  It’s  a  more  immersive  way  to  find  things 
that  you  care  about  and  take  action  on  them. 

Windows  Phone  7  is  a  balance  between 
these two experiences for the user: glance
and go, plus a richer immersion.

There’s  a  lot  of  typography 
in  the  Windows  Phone  7 
user  interface.  Why? 

User  typography  has  been  in  development 
for  some  time  [at  Microsoft].  We  were  really 
inspired by a lot of the [typographic interface]
work going on with Windows Media
Center. [WMC is a Windows application for
watching  and  managing  Internet  TV  shows, 
movies,  music,  radio,  photos  and  videos.] 

Typography  is  one  area  that  Microsoft  has 
been  very  active  in:  the  use  of  type  is  really 
important  in  terms  of  usability.  This  is  true 
throughout Microsoft products, but especially
in the evolution of Windows Media
Center. We really looked at using type as a
system, not just for navigation but for creating
a more personal experience. The [2007
documentary] movie “Helvetica” showed
that type is very international, transcending
cultures, even in Asian languages. It’s striking
and personal and very beautiful. We’re
elevating  type  into  a  whole  new  area.  It’s  one 
of  those  things  that  links  us  with  the  past 
but  also  with  the  future.  In  our  applications 
and  in  our  browser,  we  want  to  make  type 
come  to  life. 

In one interview, you mentioned
the team spent a lot of time
really talking to your users.
What was involved in that?

We looked at users in a couple of ways.
When we started, we asked ourselves “who
are we designing for?” Who was our target?
We did ethnography and field research.
Smartphones are new. So who really are
smartphone users? We did this to understand
the problems we were trying to solve.

Our  key  [user]  segment  was  what  we 
called  “life  maximizers.”  These  are  people 
who  are  juggling  their  lives  and  trying  to 
balance  lots  of  separate  moments.  We  spent 
a lot of time defining all this, and bringing
people into our design process to help
us  and  into  our  usability  testing.  We  were 
challenging  ourselves  in  our  preconceived 
assumptions  about  smartphones  and  users. 
We’d  create  quick  prototypes  and  get  these 
in  front  of  our  users,  get  their  feedback,  and 
keep  iterating  on  that.  We’re  still  constantly 
doing  this.  When  you  really  listen,  and  listen 
well,  you  can  make  the  product  better.  ■ 
TREND ANALYSIS

Is Novell worth $2 billion?

Hedge fund may sell Novell off piecemeal to turn profit

BY JON BRODKIN

NOVELL  ISN’T  the  IT  giant  it  once  was,  but 
the  company  may  be  well  worth  the  $2  billion 
offered  in  a  takeover  bid  by  a  New  York  hedge 
fund,  analysts  say. 

Novell’s  value  is  “at  least 
that,  and  more,”  says  Gartner 
analyst  Earl  Perkins. 

In  a  letter  sent  last  week  to 
Novell’s  board  of  directors,  the 
hedge  fund  Elliott  Associates 
said  its  offer  of  $5.75  per  share 
represented  a  premium  of 
49%  over  Novell’s  enterprise 
value,  a  measure  that  includes 
a  firm’s  market  capitalization, 
preferred  stock  and  debt. 

But  Novell’s  stock  jumped 
to  $5.97  per  share  after  the 
offer  by  Elliott  Associates, 
which  already  owns  8.5%  of 
Novell,  Dow  Jones  Newswires 
reported. 

Novell’s  operating  income  in 
the  quarter  ended  Jan.  31, 2010, 
was  a  modest  $21  million,  but 
the  company  has  $1.82  billion 
in total assets. After subtracting
liabilities of $866 million,
stockholder  equity  in  Novell 
exceeds  $953  million. 

It’s not likely Elliott Associates
wants a long-term involvement
in the IT industry, so the
company must believe it will
eventually see a return of more
than $2 billion, possibly by
selling off Novell’s most valuable
assets piece by piece, analysts
say.

“I  don’t  have  any  inside 
information,  but  given  the  fact 
that  the  offer  is  being  made 
by a hedge fund, my assumption
is they’ve taken a look at
Novell's  assets  and  books  and 
they  believe  there  are  enough 
assets  within  the  company  to 
produce  more  than  a  $2  billion 
return  if  they  decided  to  sell  those  off,”  says 
Pund-IT  analyst  Charles  King. 

Novell  dominated  the  network  operating 
system  market  in  the  1990s  with  NetWare,  but 
usage  dwindled  and  that  product  has  since 
been replaced by Novell’s Open Enterprise
Server. Coincidentally, Novell was scheduled
to end general support for NetWare this
past weekend, but will continue to offer an
extended support plan until March 2012.

Novell’s SUSE Linux is the second most
widely used Linux distribution in the world,
but its market share is still less than half that
of Red Hat’s, says IDC analyst Al Gillen.

Novell  is  not  in  dire  financial  straits,  given 
that  it  has  “close  to  a  billion  dollars  in  the 
bank,”  Gillen  says.  But  it’s  not  growing  either. 
Elliott Associates “presumably would make
substantial changes to the business operation,
to change the profitability of the company
and bring it to a point where they could
liquidate it,” he says.

A  bidding  war  is  always  a  possibility  in  the 
IT  industry,  but  in  this  case  Gillen  says  there 
is  at  least  one  reason  to  think  that 
won’t  happen.  If  IBM  or  Microsoft 
were  the  one  offering  $2  billion  to 
buy  Novell,  competitors  might  feel 
threatened  and  consider  making 
a  bid  themselves.  But  with  Elliott 
potentially  purchasing  Novell, 
competitors  might  simply  be 
pleased  to  see  the  company  broken 
up  into  several  parts  and  sold  sepa¬ 
rately,  Gillen  says. 

“Novell’s got a number of interesting
technologies that are potentially
attractive to other companies,
especially if they can be
acquired  on  an  individual  basis,” 
Gillen  says. 

Gillen  says  he  doesn’t  have  the 
financial  expertise  to  determine 
whether  $2  billion  is  a  fair  price  for 
Novell.  But  Dow  Jones  Newswires 
quotes  Benchmark  Capital  analyst 
Brent  Williams  as  predicting  that 
the  deal  won’t  be  completed,  partly 
because selling off Novell’s individual
parts “won’t create much value
for  Elliott.” 

Gartner’s Perkins is more bullish
on Novell, saying there is significant
growth opportunity in its
identity  and  access  management 
products,  as  well  as  the  company’s 
Intelligent  Workload  Management 
tools,  which  manage  and  optimize 
computing resources across physical,
virtual and cloud platforms.

King  suggests  that  Novell’s 
assets  could  be  worth  more  than 
the  company  itself,  and  doesn’t  rule 
out  a  bidding  war. 

A  Microsoft/Novell  deal  would 
raise  antitrust  concerns,  and  IBM 
has  said  it  doesn’t  want  to  be  a 
Linux  distribution  vendor,  but 
there  are  still  other  IT  companies  that  would 
be  capable  of  spending  more  than  $2  billion, 
he  says. 

Novell  “is  a  very  well-established  brand  in 
IT,” King says. “There’s still a lot of value left
in  Novell  and  the  products  they’ve  got.”  ■ 
► 4G, from page 1

markets.  Additionally,  the  GSM  Association 
is  hoping  that  its  work  on  Voice  over  LTE 
(VoLTE)  will  be  nearly  finished  and  that  LTE 
devices  will  have  the  ability  to  support  voice 
and  Short  Message  Service  (SMS)  sometime 
in  2011. 

4G  technologies  represent  the  next  stage 
in  the  evolution  of  wireless  data  technologies 
and  generally  deliver  average  download  rates 
of  3Mbps  or  higher.  In  contrast,  today’s  3G 
networks  typically  deliver  average  download 
speeds  about  one-tenth  of  that  rate. 

Broadly speaking, users will get 4G wireless
connectivity through one of two standards,
WiMAX or LTE. WiMAX is based
on  the  IEEE  802.16  standard  and  will  be 
deployed  by  Clearwire  for  wholesale  use  by 
Sprint,  Comcast  and  Time-Warner  Cable  to 
deliver  wireless  broadband.  LTE,  on  the  other 
hand,  is  a  GSM-based  technology  that  will  be 
deployed  by  Verizon,  AT&T  and  T-Mobile. 

Clearwire has commercial WiMAX services
available in 27 U.S. markets covering
more  than  34  million  points  of  presence  (POP). 
By  year-end,  Clearwire  will  have  built  out  a 
WiMAX  network  that  spans  all  major  U.S. 
markets  and  that  covers  120  million  POPs. 
So  if  your  business  is  in  a  major  metropolitan 
area  it’s  very  likely  that  you’ll  be  able  to  access 
Clearwire’s  4G  network  by  year-end. 

You  won’t  likely  know  that  you’re  getting 
your  service  through  Clearwire,  however.  The 
company’s  plan  is  to  build  out  the  network 
and  then  wholesale  access  to  companies  with 
bigger  brand  names  such  as  Sprint,  Comcast 
and Time-Warner Cable. Clearwire is counting
on these companies to aggressively promote
its WiMAX services, especially since
WiMAX is currently the fastest wireless
technology available on the market. Clearwire’s
wholesale partners have also played
a big role in funding the buildout of the network,
as Clearwire raised $3.2 billion from its
big  cable  partners  as  well  as  from  big-name 
tech  companies  such  as  Google  and  Intel. 

“Our wholesale business is going through
extraordinary growth right now,” says Clearwire
Chief Commercial Officer Mike Sievert.
“We ended up with more than 46,000 wholesale
customers by the end of the fourth quarter
last year and we’re on pace to do significantly
more than that this quarter. We’ve got Comcast,
Sprint and Time-Warner Cable as our
active wholesale partners and we believe that
selling through those partnerships will be the
primary growth strategy for our business.”

Verizon’s  LTE  plans 

Unlike Clearwire, Verizon won’t have a coast-to-coast
4G network ready to go by year-end.
However, it does plan to have its LTE network
up and running in up to 30 major markets
with more to come in 2011. Tony Melone, the
executive vice president and CTO of Verizon
Wireless, says the company has spent the past
year getting its 4G infrastructure ready to go
online later this year, including its antennas,
backhaul and leasing work with tower
owners.

Carriers’ 4G plans

COMPANY: Clearwire/Sprint
TECHNOLOGY: WiMAX
PLAN: Clearwire’s 4G network (which Sprint uses) is currently
available in 27 markets and will expand to all major U.S.
metropolitan areas by the end of the year, covering 120 million
points of presence.

COMPANY: Verizon
TECHNOLOGY: LTE
PLAN: Verizon will offer 4G services in up to 30 major markets by
the end of 2010. By the start of 2012, Verizon hopes to offer 4G in
up to 60 major markets. The big goal is to get its entire current 3G
footprint covered by LTE by the end of 2013.

COMPANY: AT&T
TECHNOLOGY: LTE
PLAN: AT&T is hanging back and waiting to aggressively deploy its
LTE network. The company plans to start offering LTE commercially
in 2011, with the big push to 4G coming in 2012. In the meantime,
the company is happy to upgrade its 3G network to HSPA 7.2
technology and to deploy its 3G network over prime 850MHz spectrum.

From there, Verizon will work to substantially
expand its LTE network all throughout
2011,  as  it  plans  to  double  its  total  number  of 
4G  markets  by  the  early  part  of  2012.  By  the 
end  of  2013,  the  company  plans  to  have  its 
entire  current  3G  footprint  covered  by  its  4G 
technology  and  to  also  expand  its  4G  services 
into areas that don’t currently have 3G. Melone
says the company will primarily be using
the  22MHz  chunk  of  spectrum  it  obtained 
during  the  700MHz  auction  in  2008  to  build 
out  its  LTE  network  nationwide. 

“The big thing for us is that 100% of the
700MHz spectrum we won in the FCC auction
a couple years back will be used for 4G
services,” he says. “The 700MHz spectrum
gives us tremendous propagation advantages
vs. the people who are deploying LTE in the
higher spectrum ranges. 700MHz spectrum
means that there will be fewer sites required
and we’ll have better building penetration.”

The  company  is  also  working  with  device 
manufacturers  to  ensure  a  healthy  device 
ecosystem  will  be  available  for  users  when 
the  network  launches  later  this  year. 

“So  far,  by  being  aggressive  and  deploying 
this  technology  before  anyone  else,  it  seems 
that the ecosystem has moved with us,” Melone
says. “So there are many chipsets and
devices that are ready to go and we feel bullish
about getting out to the gates early.”

Early  adopters  of  LTE  will  find,  however, 
that  the  devices  will  be  data-only  at  first  and 
thus  won’t  support  voice.  To  rectify  this, 
AT&T,  Verizon  and  several  other  telecom 
companies  and  device  manufacturers  joined 
forces  late  last  year  to  help  develop  voice  and 
SMS  standards  for  LTE.  Last  month,  the 
GSM Association decided to adopt the carriers’
profile for Voice over LTE in an effort
to avoid fragmentation of LTE voice standards
before the technology becomes more
widely deployed. The association said that it
embraced the VoLTE Initiative’s IP Multimedia
Subsystem-based approach because IMS
“supports  all  voice  call  service  features  such 
as  call  waiting,  call  hold  and  call  barring.” 

Melone  says  even  if  the  voice  standards 
for  LTE  are  wrapped  up  by  year-end,  users 
shouldn’t  expect  4G  voice  services  to  be 
widely available at the outset of Verizon’s network
launch. Rather, the company will rely on
a  combination  of  3G  for  voice  and  4G  for  data 
services  on  its  initial  device  offerings,  he  says. 

“The  technical  capabilities  for  LTE  voice 
will  be  there  in  the  2011  timeframe,”  he  says. 
“The question for us will be whether our footprint
will be sufficient at that point to provide
customers with a good experience for voice
over LTE, or whether we’ll be better off offering
3G coverage for voice and 4G for data.”

In other words, don’t expect the 4G revolution
to immediately sweep the land over the
next two years. 4G deployment will require
a long process of trial and error, as well as
hybrid systems to serve as bridges from legacy
technology.

“At  some  point,  4G  voice  on  LTE  will 
become  the  norm,”  Melone  says.  “But  we  may 
have to start off with dual-radio devices.” ■


More online

Read an in-depth interview Network World’s Brad Reed had with
Verizon Wireless’ CTO Tony Melone at tinyurl.com/yjmpdlo
the security arm of EMC, agreed that customers
need to be assured the cloud is safe.
Coviello told the 4,000 attendees that cloud
services will inevitably be adopted widely
because of the huge financial benefits they
offer. “But you won’t want any part of that
unless service providers can demonstrate
their ability to effectively enforce policy,
prove compliance and manage multi tenancy,”
he said.

The  big  problem  is  trust,  he  said.  His  com¬ 
pany  announced  a  partnership  with  Intel  and 
VMware to improve trust by enabling measurement
of cloud providers’ security. The
effort would let customers of cloud infrastructure
services weigh the security of the service
and get metrics to deliver to auditors who are
sent to determine whether businesses comply
with government and industry security
standards.  “Service  providers  should  be  able 
to  tell  compliance  officers  and  auditors  just 
about  anything  they  need  to  know  —  with 
verifiable  metrics,”  Coviello  said. 

But  warnings  about  other  cloud  threats 
came  through  loud  and  clear.  At  the  Cloud 
Security  Alliance  Summit  held  earlier  in  the 
conference,  for  example,  the  CSA  announced 
a  report  on  its  top  concerns  about  cloud 
security,  and  they  were  major,  including 
documented use of cloud infrastructure-as-a-platform
to launch botnets.

CSA,  an  industry  consortium  of  users  and 
vendors,  also  highlighted  vulnerabilities  in  the 
means  given  to  cloud  customers  to  access  and 
manage  the  services  they  buy.  These  APIs  are 
not necessarily secure and could offer attackers
a chink through which they could infiltrate
cloud networks and the corporate content
entrusted to them. The answer: “Ensure strong
authentication and access controls are implemented
in concert with encrypted transmission,”
CSA said. CSA’s report details 10 threats
as  well  as  fixes,  but  stands  as  a  warning  about 
embracing  cloud  services  without  carefully 
weighing  the  downsides. 

While  Coviello  touted  the  ability  to  give 
auditors  and  compliance  officials  the  data 
they  need  to  assure  businesses  meet  security 
regulations,  the  validity  of  such  regulations 
was  questioned  by  the  top  White  House 
cybersecurity  adviser  during  his  keynote 
address.  Cybersecurity  coordinator  Howard 
Schmidt  said  security  compliance  under  the 
Federal  Information  Security  Management 
(FISM) Act is flawed. “You can be FISM compliant
but still not be secure,” he said. “We
agree  that  work  needs  to  be  done  on  that.” 

He  said  the  government  is  addressing  it  with 
recommendations  from  the  federal  budget 
watchdog  agency,  the  Office  of  Management 
and the Budget, due out next month. Rather
than meeting a set of regulations, agencies will
have to meet performance metrics. “These new
metrics begin to move us from a static compliance-based
metrics program to a continuous
monitoring capability,” he said.

Meanwhile,  U.S.  Secretary  of  Homeland 
Security Janet Napolitano came to the conference
as a recruiter, using her keynote address
to acknowledge that government talent alone
cannot address the threats the country faces.
She announced that her department is seeking
to fill top cybersecurity posts with candidates
from outside government.

Government  can’t  do  the  job  itself  because 
the vast majority of the U.S. cyber infrastructure
is privately owned. “I ask you to redouble
the efforts that you are making to increase
security,  to  increase  reliability  and  to  increase 
the  quality  of  the  products  that  you  have  that 
enter  the  global  supply  chain,”  she  said. 

She  issued  a  call  for  automated  security, 
and  said  that  the  government  is  working  on 
an intrusion-prevention system (IPS) to protect
U.S. agency networks. She said the government
is upgrading its intrusion-detection
platform, Einstein 2, to an IPS, called Einstein
3. Einstein 2 is deployed in nine federal agencies
as well as in the networks of carriers
AT&T,  Qwest  and  Sprint.  Verizon  is  on  the 
list  to  get  it,  too. 


But  Einstein  3  would  automatically  detect 
malicious  activity  and  disable  attempted 
intrusions before they can do harm, Napolitano
said. She didn’t say when it will be
deployed. 

Meanwhile,  RSA  Conference  attendees 
heard about threats and the means for countering
them. For instance, Jeremiah Grossman,
CTO of White Hat Security, warned
about an undetectable browser exploit that
bares corporate networks to attackers. In the
attack, called DNS rebinding, attackers turn victims’
browsers into Web proxies that do the attackers’
bidding, he said.

The  attack  works  by  tricking  browsers 
into  seeking  internal  servers  on  the  victim’s 
network  under  the  direction  of  the  attacker, 
who  can  direct  it  to  find  and  send  corpo¬ 
rate  data,  he  said.  The  browser  exhibits  no 
behavior  out  of  the  ordinary,  so  the  attacks 
go  unnoticed. 
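
A defender's view of the rebinding behavior described above, as an added example that is not part of the original article: it flags DNS answers in which a public name resolves to an internal address, and shows the Host-header allowlist an internal web service can apply. The log records, the zone name corp.example and all host names and addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Ranges that are only reachable inside a site: RFC 1918, loopback,
# link-local, and the IPv6 equivalents.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


@dataclass
class DnsAnswer:
    ts: float      # seconds since start of capture
    client: str    # workstation that asked
    qname: str     # name that was queried
    address: str   # address returned in the answer


def is_internal(address):
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in INTERNAL_NETS)


def in_local_zone(qname, local_zones):
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in local_zones)


def find_rebinding(answers, local_zones=("corp.example",)):
    """Flag answers where a name outside our own zones maps to an internal
    address. 'flip' means the same client first got an external address for
    that name, which is the pattern a rebinding attack produces."""
    findings = []
    seen_external = set()
    for a in sorted(answers, key=lambda a: a.ts):
        name = a.qname.rstrip(".").lower()
        if in_local_zone(name, local_zones):
            continue  # our own zones may legitimately point inside
        if not is_internal(a.address):
            seen_external.add((a.client, name))
            continue
        kind = "flip" if (a.client, name) in seen_external else "internal-answer"
        findings.append((a.client, name, a.address, kind))
    return findings


def host_header_allowed(host_header, allowed_hosts):
    """Server-side check: a rebound request still carries the outside name
    in its Host header, so an internal service can refuse unknown hosts."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # IPv6 literal such as [::1]:8080
        end = host.find("]")
        host = host[1:end] if end != -1 else ""
    elif host.count(":") == 1:               # name:port
        host = host.split(":", 1)[0]
    return host.rstrip(".") in {h.lower().rstrip(".") for h in allowed_hosts}


# Constructed resolver log, not taken from any real network.
SAMPLE_ANSWERS = [
    DnsAnswer(0.0, "10.0.0.5", "cdn.example.net.", "203.0.113.7"),
    DnsAnswer(3.0, "10.0.0.5", "cdn.example.net.", "192.168.1.10"),
    DnsAnswer(5.0, "10.0.0.5", "wiki.corp.example.", "10.1.2.3"),
    DnsAnswer(6.0, "10.0.0.9", "static.example.org.", "198.51.100.20"),
    DnsAnswer(7.0, "10.0.0.9", "printer.example.org.", "127.0.0.1"),
]

if __name__ == "__main__":
    for finding in find_rebinding(SAMPLE_ANSWERS):
        print(finding)
    print(host_header_allowed("cdn.example.net", ["wiki.corp.example"]))
```

The same rule can be enforced at the resolver by dropping such answers instead of only reporting them.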

And the conference named Altor Networks
as winner of its Innovation Sandbox
competition for most innovative product
from a vendor with less than $5 million per
year in business. Altor makes a virtual firewall
platform for protecting VMware virtual
machines that includes firewall and intrusion
detection. It operates from within the hypervisor
and the virtual switch. ■


CISOs  rain  on  cloud-computing 
parade  at  RSA 


BY  ELLEN  MESSMER 

SAN  FRANCISCO  —  Economic  pressures 
are driving more businesses and governments
to nervously eye cloud computing,
despite myriad unanswered questions that
swirl around a single central concern: security.
This was the backdrop for a panel discussion
between chief information security
officers  at  last  week’s  RSA  Conference. 

“We’re all in dire straits,” said Seth Kulakow,
Colorado’s CISO. “Cloud computing is
obviously  on  everybody’s  mind.”  But  even  if 
cloud-computing  looks  like  a  bargain,  “it’s 
got  to  have  the  same  kind  of  risk  controls 
you  have  now.” 

“It’s  imperative  we  look  at  it,”  said 
Nevada’s  CISO  Christopher  Ipsen,  who  had 
noted that the economic crisis and housing-market
collapse have left his state’s financial
situation  “extremely  bad.” 

“We are doing some cloud services with
e-mail,” said California’s CISO, Mark
Weatherford. “It’s very efficient. We can’t
ignore the benefits in the cloud, but we
have to proceed carefully.” The Los Angeles
Police Department is regarded as the state’s
early adopter since its move to a cloud-computing
arrangement with Google.

But  giving  up  control  over  IT  infrastruc¬ 
ture  and  software  assets  in  favor  of  rental 
and  pay-as-you-go  models  evokes  anxiety, 
too. “What I’m most worried about is catastrophic
failure, and if we put all our eggs in
one  basket,  someone  in  the  middle  holds  the 
keys,”  Ipsen  noted. 

IT  customers  are  not  the  only  parties  that 
need  to  evolve  their  thinking,  panelists  said. 

“The  cloud  represents  a  fundamental 
change  in  how  vendors  will  work  with  their 
customers,”  said  Forrester  Research  analyst 
Jonathan Penn. “We need some sort of standardization
in this so we can have some way
of  comparing  platforms  and  levels  of  service 
so  I  can  understand  what  I’m  getting.” 

All cloud all the time at RSA security

LIKE A fickle 12-year-old with a favorite pop
band, the security industry has forgotten all
about last year’s fads and is focused on a new
one: cloud computing.

This was exceedingly evident at last week’s RSA Conference in San
Francisco, which boasted significantly improved attendance including
actual users and buyers.

It all made for a fun game of cloud bingo: start the timer when a vendor
briefing begins and wait until you hear the word “cloud” — then
jump up and shout “bingo” (not an original idea — Bruce Schneier
publishes an excellent RSA bingo card). Few vendors made it past the
10-minute mark.

Cloud is the latest frontier of security marketing, if not of actual
products or customer deployments. As our research shows, less
than 1% of the people who participate have deployed anything in an
infrastructure-as-a-service (IaaS) cloud, though we do see quite a bit
of adoption in software-as-a-service (SaaS).

RSA President Art Coviello observed that this may be the first time
the industry has started working on the security problems before the
technology is mainstream. In a way, this is a welcome departure from the
usual state of affairs where security is a long delayed afterthought.

For companies that already use IaaS cloud (such as my company
Nemertes Research), the issues of security are not mere philosophical
musings. We have to soberly examine the inherent risks and build
compensating controls.

Cisco’s Chris Hoff opened the Cloud Security Alliance Summit at
RSA with a pragmatic assessment of the issue of cloud security. For
Hoff, the question “Is the cloud secure?” is pointless, and “Compared
to what?” is the only sensible answer.

The cloud pragmatist will have to weigh the relative security of a
cloud as compared with alternatives such as hosting, collocation or his
own data center. The cloud is a platform shift that forces us to refocus
on the tried-and-true approaches that we have been discussing for at
least a decade: data-centric and identity-centric security, the
perimeter-of-one model, the need for audit and assurance.

On the topic of audit and assurance, one of the more interesting
elements of the Cloud Security Alliance Summit was the A6 workgroup,
which aims “to provide a common interface that allows providers
to automate the audit, assertion, assessment and assurance
of their environments and allow authorized consumers of their services
to do likewise via an open, extensible and secure API across
SaaS, [platform-as-a-service] and IaaS offerings.” A6 could be a
useful standard.

RSA 2010 is a promising indicator for the year: palpable enthusiasm,
excitement and activity, and real users actually interested in buying
stuff. A big change from 2009. ■

Antonopoulos is a senior vice president and founding partner at
Nemertes Research, an independent technology research firm. He can
be reached at andreas@nemertes.com.

IDC analyst Chris Christiansen said the
cloud security market is estimated at $1 billion,
mainly for e-mail and Web services,
and trying to track it is going to be a challenge
since many new forms of product and service
delivery are arising.

So,  too,  are  horror  stories,  including  one 
about  an  enterprise  that  needed  to  pay 
$170,000  merely  to  pry  its  own  data  back 
from  a  cloud  service. 

“Just  about  any  kind  of  dispute  can  arise  in 
a  cloud-computing  relationship,”  said  Tanya 
Forsheit,  founder  and  partner  at  Information 
Law  Group.  “The  inability  to  obtain  data,  the 
level of data security, the allocation of liability
in the result of a breach, and what are the
default rules?” Privacy regulations in the
United States and Europe, for instance, may
mean that certain kinds of sensitive data simply
cannot move about freely.

And a tricky aspect in cloud negotiations is that there’s the strong perception that most cloud-service providers, Amazon Web Services included, are not “transparent” enough about their internal infrastructure. And this secrecy is making the legal situation more tenuous and expensive than it should be.

“I  call  it  ‘faith-based  IT,”’  quipped  Chris 
Whitener,  chief  security  strategist  at  HP. 
“They  think  they’ll  use  it  and  nothing  will 
happen  to  them.” 

But HP, now one of the world’s largest data outsourcing companies since its merger with EDS, is in internal foment to redefine or expand its data center services, often completed in multi-year formalized contracts, to add more flexible on-demand, pay-as-you-go, cloud-like services. With announcements on that score possible later this year, HP is mulling possibilities such as cloud services with well-defined security services, though wondering whether customers so eager for bargains will pay a bit more for better security, such as PCI-compliant computing clouds.

“We’re all in dire straits. Cloud computing is obviously on everybody’s mind.”
SETH KULAKOW, COLORADO, CISO

But the high-tech industry, re-inventing itself in virtualization, does seem to be betting that customers will demand the means to extend security controls from the enterprise into the cloud. And this idea is triggering a new era of creative change among long-established security vendors.

At RSA last week, CA announced how its Identity Manager product can be used with Salesforce’s Sales Cloud 2 service so CA customers can automatically provision and de-provision access and privileges. And Cisco outlined a product-development strategy for mobile and cloud-based security, with products expected in the second quarter.

Trend  Micro  is  making  a  leap  into  the 
area  of  encryption,  primarily  to  come  up 
with  new  ways  to  protect  customer  data  as  it 
transits  the  Internet  and  ends  up  stored  in  a 
cloud-computing  facility. 

Encryption vendor PGP is also preparing to provide a new range of options for cloud-based computing, says PGP President and CEO Phil Dunkelberger. He argues the public-key encryption model favored by PGP will triumph over any private-key models. McAfee is also expected to make cloud-security announcements in the next week or so.

Some vendors, though, are having to admit their cloud-computing security efforts are dragging on. VMware and RSA, for instance, at a press conference last week acknowledged that the initiative they had announced at RSA in 2009 to integrate the RSA data-loss prevention (DLP) technology into VMware’s vSphere product had not progressed as quickly as expected, and it remains uncertain whether a DLP integrated vSphere will be out by year-end.
Internet freedom and security


IT’S ALREADY been a busy year in the area of Internet freedom and security.

First,  Google  reported  that  it,  along  with 
a  bunch  of  other  major  companies,  had  been  hacked,  and  pointed  the 
finger  at  China.  Then  Secretary  of  State  Hillary  Rodham  Clinton  gave 
a  few  “Remarks  on  Internet  Freedom”  in  which  she  pushed  for  one 
Internet,  without  barriers. 

Separately, the Federal Trade Commission notified about 100 companies that some of their secrets had been exposed by employees who were running peer-to-peer software.

Finally, the Internet security firm NetWitness said that it had figured out that 75,000 computers at 2,500 companies had been compromised with the ZeuS Trojan starting in 2008.

Nope  —  not  a  good  start  to  2010.  I’d  like  to  think  things  will  quiet  down 
some  for  the  rest  of  the  year  but  it  does  not  look  like  that  will  happen. 

In early January, Google announced that it had been hacked from China, that the hackers seemed to be after the Gmail accounts of Chinese human rights activists and that Google was going to review “feasibility of our business operations in China.”

Well,  that  caused  quite  a  splash.  Google’s  accusation  fit  so  well  with 
the  general  public  perception  of  China’s  approach  to  the  Internet  that 
it  was  easy  to  assume  that  the  hacking  was  directed  by  the  Chinese 
government. 

Clinton did not go quite so far as to accuse the Chinese government of complicity during her speech on Internet freedom, but she did call upon it to “conduct a thorough review” of the Google hacks and for the results of the review to be transparent. Clinton’s speech was quite a good one from the point of view of those of us who value the positive impact of the communication enabled by the Internet.

Properly, she did not hide the fact that communication over the Internet can be used for good (human rights activists) and evil (terrorists).

But  she  said  that  “this  issue  isn’t  just  about  information  freedom;  it 
is  about  what  kind  of  world  we  want  and  what  kind  of  world  we  will 
inhabit.  It’s  about  whether  we  live  on  a  planet  with  one  Internet,  one 
global  community,  and  a  common  body  of  knowledge  that  benefits  and 
unites  us  all,  or  a  fragmented  planet  in  which  access  to  information  and 
opportunity  is  dependent  on  where  you  live  and  the  whims  of  censors.” 

She,  clearly,  was  on  the  side  of  one  Internet. 

Meanwhile, ex-NSA director Mike McConnell, writing in the Washington Post, had a different take: “we need to reengineer the Internet to make attribution, geolocation, intelligence analysis and impact assessment — who did it, from where, why and what was the result — more manageable.”

Repressive  governments  would  love  McConnell’s  Internet.  It  would 
be  easy  for  censors  to  satisfy  whims  on  his  Internet. 

But,  not  to  worry,  reengineering  the  Internet  would  be  as  easy  as 
reengineering  the  world’s  highway  system,  if  the  highways  were  90% 
owned  by  private  companies  (as  the  Internet  is). 

Maybe companies that connect to the Internet need to be more careful and, in particular, companies that sell computers that connect to the Internet need to actually make security a primary concern and post fixes to vulnerabilities a lot faster than they do now.

I’d rather Clinton’s Internet than McConnell’s, but I recognize that the latter seems attractive to those who only look at the security problem and ignore the freedom one.

Disclaimer: I did not ask the university if it would do away with freedom to get some, but not much, security — can guess the answer. But, since it would be a guess, the above is my opinion.

Bradner  is  Harvard  University’s  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com. 
Google throws down the broadband gauntlet


YOU HAVE to give Google points for great timing — and an entertaining sense of mischief. Just as the telcos are gearing up for battle with the Federal Communications Commission over the feasibility of widespread broadband, Google rolls out an audacious plan to deliver gigabit/sec residential connectivity to some 500,000 users.

The  move  is  a  direct  challenge  to  both  the  FCC  and  the  telcos  whose 
Internet  business  the  FCC  is  seeking  to  regulate.  On  March  17,  the  FCC 
plans  to  roll  out  its  Broadband  Internet  Stimulus  plan,  which  aims 
to  mandate  low-cost,  high-speed,  universal  connectivity.  The  FCC’s 
vision  is  that  every  household  should  have  100Mbps  Internet  access 
within  the  next  10  years. 

The carriers say it can’t be done — that 100Mbps within 10 years is too aggressive. And they also say the FCC has no right to regulate Internet access (including broadband) in order to reach its universal-service goals. Specifically, a federal appeals court is set to rule over the FCC’s ability to regulate broadband, stemming from a 2007 case in which the FCC fined Comcast for violating net neutrality policies. If the ruling is overturned (which court watchers say is likely) it will be on the grounds that the FCC lacks jurisdiction over telcos’ Internet access offerings.

If that happens, the broadband stimulus plan is dead in the water, since it relies on mandating broadband access. Unless, that is, the FCC moves to reclassify Internet services as Title II common carrier services, which transport people or goods under regulatory supervision. The carriers have preemptively warned the FCC not to attempt to do that, calling reclassification akin to opening Pandora’s box.

So on the one hand, you have the carriers howling about the impossibility of ubiquitous broadband. On the other, there’s the FCC threatening to use the big stick of regulation to make the carriers roll it out. And over on the sideline, Google’s doubtless giggling over the way its own broadband network makes both the telcos and the FCC look lame.

But Google’s glee may be premature. If the FCC succeeds in reclassifying Internet access as Title II services, Google may find itself and its broadband network under regulation — not nearly as much fun as watching the FCC regulate someone else. And broadband isn’t the only potential for regulation — a U.K.-based Web site recently filed a motion with the FCC requesting enforcement of “open search” rules to complement net neutrality.

If all this comes to pass, Google may be trading gauntlets for boxing gloves — and gearing up for a tussle of its own with the FCC.

Johnson  is  president  and  senior  founding  partner  at  Nemertes 
Research,  an  independent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
TREND ANALYSIS


BY JON BRODKIN

IBM IS planning to release a new class of x86 servers that treat memory, processors and solid-state disk as interchangeable components, saying a more flexible server is needed to satisfy the requirements of virtualized data centers.

IBM’s new eX5 server line, based on Intel’s upcoming Nehalem-EX chips, is an early example of what Gartner calls “fabric-based” computing, which allows customers to scale up memory and other resources without necessarily having to buy a new server. IBM says its goal is to move beyond today’s industry-standard servers to offer something more scalable and tuned to fit demanding workloads.

Today,  “if  a  user  needs  more  memory  and 
only  more  memory,  the  user  has  to  buy  a  whole 
new  server,”  says  Tom  Bradicich,  IBM  fellow 
and  vice  president  of  systems  technology. 

For three decades, x86 servers have been based on a desktop PC architecture that locks memory and processors together, and that model is becoming outdated and contributing to sprawl and the underutilization of individual servers, Bradicich says.

“Fundamentally, we don’t think it’s a good strategy to allow the base architecture of the desktop PC to masquerade as an enterprise server,” he says.

IBM’s eX5 servers will come in blade and rackmount configurations, with the first ones being released later in March. IBM is taking the Intel architecture and adding a chip of IBM’s own design that reduces latency between memory and processors. IBM claims the new servers will improve database performance by a factor of 30 over current systems, while greatly improving performance-per-watt and virtual server density.

Illuminata analyst Gordon Haff says IBM’s use of memory will be interesting to customers with virtualization deployments.

“Memory is a big deal with virtualization, because one of the things we’re seeing with virtual servers is you tend to run out of memory before you run out of CPU,” Haff says.

IBM is making its announcement ahead of Intel’s Nehalem-EX unveiling, expected for later in March. But IBM won’t be the only vendor addressing memory needs of virtualized data centers, Haff says.

Cisco’s Unified Computing System has “Extended Memory” technology, and other server vendors can be expected to unveil new memory capabilities based on the latest Intel processors, Haff says.

IBM says eX5 is part of its plan to overtake HP in the x86 market. Haff says IBM seems to be adapting its mainframe and Power strategy to the x86 space by tailoring products to fit specific workloads.

The new servers will include a blade system, a two-socket rack-mount server and a four-socket rack-mount server.

The  servers  will  allow  customers  to  add 
up  to  32  DIMMs  of  memory,  and  several 
terabytes  of  flash  storage  to  improve  I/O 
throughput,  Bradicich  says. 

Gartner has predicted that fabric-based servers will cost significantly more than today’s standard x86 machines, but IBM contends that the approach will also allow enterprises to purchase fewer systems.


IBM  brings  memory 
flexibility  to  x86  servers 

New  Intel  Nehalem-EX  based  machines  to  let 
customers  add  memory,  flash  storage 


Force10 Networks claims 10G Ethernet density lead


BY JIM DUFFY

FORCE10 NETWORKS last week claimed leadership in 10G density in Ethernet switching by unveiling a 40-port 10G line card for its ExaScale switch.

The 40-port module increases the density of the ExaScale E1200 core switch to 560 10Gbps Ethernet ports in a single half-rack chassis. Of those ports, 140 run at line rate while the remainder are oversubscribed, the company says.

According to Force10, contenders include Cisco’s Nexus 7018, with 512 10G ports (64 line rate); Brocade’s MLX 32, with 128 line rate 10G ports; Extreme’s BlackDiamond, with 194 ports (65 line rate); 3Com’s H3C 12518, with 512 10G ports (128 line rate); and Juniper’s EX 8216, with 128 line rate 10G ports.

Market tracker Dell’Oro Group says 10G, which makes up 25% of the market in terms of revenue, will drive growth in Ethernet switching this year. It was the only segment of the switching market to show sequential growth in ports and revenue in 2009.

Dell’Oro expects 10G to reach $3.6 billion in revenue for 2010, up from $2.8 billion in 2009. The overall Ethernet switching market is expected to increase 4% to $16.3 billion, according to the firm.

Of that, Force10 owns less than 1% but the company is typically among the leaders in modular 10G ports shipped, due to its presence in supercomputing centers.

Pricing for the 40-port 10G Ethernet line card starts at $97,500. The product will begin shipping in the second quarter.

Force10 was busy last week as it also filed for a $144 million IPO.

The amount of shares and the price were not disclosed. Lead managers in the public offering are J.P. Morgan, Deutsche Bank and Barclays Capital. It will be listed on the New York Stock Exchange under the symbol “FTEN.”

Force10 was founded in 1999. In 2009, it merged with Turin Networks, a maker of telecommunications transport and access equipment for carriers and service providers. It employs 571 people.

The company booked $138.4 million in revenue in 2009 but has been losing money and may never turn a profit, according to Force10’s S-1 filing with the SEC. The company lost $76 million in 2009 and $55 million in 2008.
TOOLS

Geekery, mind mapping and Chrome

Mark Gibbs’ Gearhead

This week I must first direct you to a classic bit of geek entertainment from the world of chemistry, a blog entry by Derek Lowe on Corante.com titled “Things I Won’t Work With: Dioxygen Difluoride”. Dioxygen Difluoride has two fluorine atoms and two oxygen atoms and is also called FOOF because that’s the noise it makes (only very very loudly) when provoked by just about anything.

Read the post and you’ll be glad that the worst thing that can happen to you in IT is an occasional electrical shock or stubbing your toe on a server rack (if you’ve experienced something nastier drop me a note and I’ll compile a list).

On to other things that have attracted my attention recently. First, check out TopicScape, a mind mapping tool published by 3D-Scape. (I discussed mind mapping software quite some time ago in this column at tinyurl.com/ybbpnly). TopicScape takes a somewhat different approach by producing a 3D representation of what you’re thinking about.

I’ve installed and beaten up the student edition and, while I like the concept, the graphics are a little disappointing and it is definitely a fiendishly and perhaps overly complex product (see a review at tinyurl.com/y91e9w7). I’ll give TopicScape a rating of 3 out of 5. If you are hot on mind mapping, this product should interest you. Let me know what you think.

I’ve become very enamored of Google’s Chrome browser, which has become pretty compelling over the last few months. What really pushed the browser over the acceptability edge was support for extensions (plugins to you Firefox users and add-ons to you IE adherents) released in January.

Chrome extensions are catalogued at chromeextensions.org and cover all sorts of categories, including Alerts & Updates, Appearance & Functioning, Language & Translators, and Social & Communications. While the list still isn’t as long as Firefox’s, what is available has vastly improved the functionality and usability of Chrome.

For example, one of my favorites is Cooliris, an image collection display utility that is crazy cool. Then there’s Xmarks Bookmarks Sync, which backs up and synchronizes your bookmarks across computers and browsers and is also available for Firefox, Safari and IE (I covered Xmarks in my Network World Web Applications newsletter at tinyurl.com/y8hz8x9).

So, what’s stopping me from going completely over to Chrome? Not much. Chrome is fairly bug free, which is impressive for such

► See Gearhead, page 24




IT asked and answered

Ron Nutter and Steve Blass tackle your tough tech questions at tinyurl.com/yg2o434


What’s the best antivirus tool?
Finding the “best” antivirus program is something you will need to do on a periodic basis. The program that is best today may not be the best tomorrow, depending on the viruses/spyware/etc. that you are trying to fight. I keep a test machine in the lab I use to view suspect Web sites and run tests with.

This is a sacrificial lamb that can be reinstalled without any loss of data. Several months ago I was running one of my tests and got infected with a rather nasty virus. I had made sure before I started that all the latest Windows patches were installed and that the antivirus package I was using had the latest updates and signatures installed. I still got infected. I went through nine antivirus packages before I found one that would remove the virus. The package I had been using didn’t acknowledge there was a virus on the system. Two other packages would either identify the virus and do nothing or would say it had been removed, when in fact it would pop back when the computer was rebooted. There are a variety of antivirus packages out there to choose from, both open source and commercial.

If you can, try each to see how they work for you, what they are like to manage, how often the signatures are updated, what the support is like, etc. Using a virtual machine to do testing comes in handy. You can use the snapshot feature to roll the machine back to a known starting point for each round of tests.


www.networkworld.com  MARCH  8, 2010  23 


ii  toolshed 
USB 3.0: Separating hype from reality


BlackArmor PS 110 USB 3.0 Performance Kit, about $180, by Seagate.


► What it is: This kit includes a 500GB BlackArmor drive, a USB 3.0 PC card adapter (ExpressCard size), cables for connecting the two, plus an additional USB cable for power. The kit allows notebook users with ExpressCard slots to connect the portable external hard drive to their notebook to achieve faster USB speeds, as compared with USB 2.0 systems. The drive also offers Seagate backup software and the ability to encrypt files via AES 256-bit encryption. If you don’t want to connect the PC card adapter, the drive still works as a standard USB 2.0 drive.


► Why it’s cool: The first batch of USB 3.0 products are out, and they all promise faster speeds than existing USB 2.0 products. How fast is a matter of debate — I’ve seen some vendors claim up to 10x speeds, when in reality it’s much closer to a 2x or 3x speed upgrade. The USB 3.0 gear also gets data transfer speeds closer to the speed of the internal hard drive. If you have very large files that you transfer back and forth on a regular basis, the increased speeds of USB 3.0 can be very appealing.

In my tests on a Windows 7 Lenovo ThinkPad X200 Tablet (2.13GHz, 2GB of RAM), I got an average sequential read speed of 59.02 MBps with the USB 3.0 system, 30.13 MBps when using USB 2.0 and 71.99 MBps on the internal hard drive. Average write speeds were 61.74 MBps via USB 3.0, 16.92 MBps when using USB 2.0 and 71.12 MBps on the internal drive (using CrystalDiskMark 2.2 freeware disk benchmarking software). So in reality, we got about 2x read speeds, and about 3x write speeds when comparing USB 3.0 to USB 2.0 on the same drive.


► Some caveats: I had one minor quibble — I had to install the USB 3.0 drivers off the hard drive by attaching it via USB 2.0 (without the adapter) first, and then reconnect the system via USB 3.0. I don’t mind the process — it just wasn’t described in the quick start guide or the manual (I needed to call Seagate to figure out where the drivers were).


► Bottom line: The big question is whether 2x read and 3x write speeds are fast enough for you to go through the process of using the PC card adapter. Eventually, USB 3.0 will be built into new PCs, eliminating the need for the card and cables. But for the person who transfers 30GB files on a regular basis, saving an extra 20 minutes could definitely be worth it.

►  Grade  ★★★★  (out  of  five). 


Shaw can be reached at kshaw@nww.com. Follow him on Twitter at http://twitter.com/shawkeith.
► Gearhead, from page 23

a young product (if you keep getting occasional “server not found” errors go to the options section and uncheck “DNS precaching” ... works like a charm).

There was one missing extension that was, at least for me, a real show stopper: RoboForm. RoboForm is a form filling and recording utility that I have relied on for years and its absence from Chrome was a big deal. While it is now finally available, Chrome support is a little odd.

For example, the user experience with this version is unlike RoboForm in other browsers. It also works differently. Unlike previous versions it stores all of your logins online, a strategy that is in line with Google’s direction and consistent with the architecture of Google’s forthcoming Chrome OS. Alas, this version of RoboForm is buggy and it seems to annoy my bank when I try to log in (my bank sees invalid characters in the name and/or password). If you’re a RoboForm and Chrome user, let me know if you’ve found similar problems.

Gibbs is peripatetic in Ventura, Calif. Make your way to gearhead@gibbs.com.
CLEAR CHOICE TEST: MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY

Microsoft  delivers  feature-rich  SSL  VPN 

Forefront  UAG  is  enterprise-grade,  software-based  remote  access  tool 


BY  JOEL  SNYDER 

We tested Whale Communications’ SSL VPN in 2003 and the product didn’t fare very well. Microsoft bought Whale in 2006, jettisoned some of the strange idiosyncrasies of the product, dramatically simplified management, and subsequently integrated several Vista and Windows 7 technologies.

The latest version of the product, called Forefront Unified Access Gateway 2010, offers a great SSL VPN feature set, especially when integrated into an existing Microsoft Windows network and when used to provide staff access to enterprise applications.

There are some weaknesses, such as support for non-Windows platforms and extranet support. But the product’s strengths, including configuration, ease-of-use and single application publishing, bring it to the forefront of the SSL VPN marketplace.

Forefront UAG, formerly known as Intelligent Application Gateway (IAG), is part of Microsoft’s Forefront line of security tools. Forefront UAG distinguishes itself from most other SSL VPN products in three ways. First, it is a software-only solution licensed on a per-user basis. Although the underlying Windows and UAG server licenses aren’t inexpensive and UAG won’t share a server with other applications, being software-only makes it an affordable solution when licensing 250 or more simultaneous users, especially in organizations that have volume license agreements for Windows server.

Second, UAG provides some application-layer firewalling capability. Most other SSL VPNs provide only minimal application-layer inspection of content, focusing on correctly rewriting URLs rather than blocking potentially hazardous URLs. UAG goes beyond this by providing some URL syntax checking, which can protect against some types of attacks, such as SQL injection.

Third,  UAG  includes  Microsoft’s  new 
DirectAccess  technology,  an  IPv6-based 
feature  that  can  simplify  end-to-end  VPNs 
by  reducing  the  need  for  VPN  gateways  and 
easing  the  deployment  of  remote  access  VPNs 
across  a  Windows  domain. 
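
The URL syntax checking mentioned in the second point above, sketched as an added example (not from the article, and not UAG's own rule engine or rule format): a gateway-side allow-list that accepts a request only when its path, method and every decoded query parameter match a declared pattern. The application paths, parameter names and patterns are hypothetical, and the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

MAX_URL_LENGTH = 2048

# Hypothetical allow-list for one published application (constructed for this
# example; not UAG's rule format). Anything not described here is refused.
RULES = [
    {
        "path": re.compile(r"/app/orders/view"),
        "methods": {"GET"},
        "params": {"id": re.compile(r"[0-9]{1,10}")},
    },
    {
        "path": re.compile(r"/app/search"),
        "methods": {"GET"},
        "params": {
            "q": re.compile(r"[A-Za-z0-9 ._-]{1,64}"),
            "page": re.compile(r"[0-9]{1,4}"),
        },
    },
]


def check_request(method, url):
    """Return (allowed, reason) for a request seen at the gateway."""
    if len(url) > MAX_URL_LENGTH:
        return False, "url too long"
    try:
        parts = urlsplit(url)
        # parse_qsl percent-decodes names and values, so %27 is checked as "'".
        # strict_parsing rejects fields that are not name=value pairs.
        pairs = (parse_qsl(parts.query, keep_blank_values=True,
                           strict_parsing=True) if parts.query else [])
    except ValueError:
        return False, "malformed query string"

    # Match on the decoded path, which is what the application will see.
    path = unquote(parts.path)
    rule = next((r for r in RULES if r["path"].fullmatch(path)), None)
    if rule is None:
        return False, "no rule for path"
    if method.upper() not in rule["methods"]:
        return False, "method not allowed"

    seen = set()
    for name, value in pairs:
        if name in seen:
            # Repeated names are parsed differently by different back ends.
            return False, "duplicate parameter " + name
        seen.add(name)
        pattern = rule["params"].get(name)
        if pattern is None:
            return False, "unexpected parameter " + name
        # fullmatch: the whole decoded value must fit the declared syntax.
        if not pattern.fullmatch(value):
            return False, "parameter " + name + " failed syntax check"
    return True, "ok"


# Constructed sample requests, including a quote-bearing value of the kind
# a SQL injection attempt would carry.
SAMPLES = [
    ("GET", "/app/orders/view?id=1042"),
    ("GET", "/app/orders/view?id=1042%27%20OR%20%271%27%3D%271"),
    ("GET", "/app/orders/view?id=1042&debug=1"),
    ("GET", "/app/search?q=vpn+review&page=2"),
    ("POST", "/app/search?q=x"),
    ("GET", "/app/admin"),
]


def run_samples():
    """Evaluate every constructed sample and return (method, url, verdict)."""
    return [(m, u, check_request(m, u)) for m, u in SAMPLES]


if __name__ == "__main__":
    for method, url, (allowed, reason) in run_samples():
        print("ALLOW" if allowed else "BLOCK", method, url, "->", reason)
```

A check of this kind only narrows what reaches the application; parameterized queries in the application itself remain the actual fix for SQL injection.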

Included in Forefront UAG are large chunks of Forefront Threat Management Gateway (TMG), the recently re-named Microsoft ISA firewall product. However, TMG’s main purpose in UAG is protection of the UAG server, and Microsoft places strict limits on what is and is not permitted with TMG.

In other words, if you were hoping for a full pure Microsoft firewall and SSL VPN solution in a single system, this isn’t it. Forefront UAG also requires Windows 2008 Server R2 (a 64-bit only version of Windows).

Authorization  angst 

SSL  VPNs  start  by  authenticating  the  user, 
so  we  tested  that  first.  Most  deployments  will 
probably  use  the  built-in  Active  Directory 
links,  which  is  a  good  thing,  because  we  had 
a  difficult  time  making  any  of  the  alternative 
authentication  options  work. 

Officially,  UAG  offers  a  wide  variety  of 
other  authentication  sources,  including 
RADIUS,  several  Lightweight  Directory 
Access  Protocol  (LDAP)  directories,  as  well 
as  more  obscure  methods.  We  tested  the  ones 
we  thought  would  be  most  useful,  includ¬ 
ing  Active  Directory,  LDAP,  RADIUS  and 
SecurlD. 

The good news is that we were able to make
authentication work with all sources, with
only minor restrictions. LDAP authentication,
always one of the biggest bugaboos, is
helped in UAG by the creation of templates
for some common LDAP servers. However, if
you have chosen to make any adjustments to
the schema of those servers, you won’t be able
to use them with UAG. Because our server
looked mostly like a standard Netscape LDAP
server (one of the choices), we were able to
authenticate successfully.

Where we ran into problems was in the
authorization side of the house. In SSL VPNs,
authorization is a critical feature that lets
you build security policy differently for
different groups of users. Most SSL VPNs, UAG
included, use the concept of “groups” to
provide access control.

We wanted to see how well we could get
group information out of our authentication
servers to the UAG. We found that UAG
wouldn’t work properly with any of the servers
we tried, for different reasons each time.

With LDAP, since our server didn’t match
exactly the schema that UAG had built-in, our
group hierarchy wasn’t available, and UAG
couldn’t see it. With RADIUS, UAG’s option
to customize the extraction of group information
was grayed out and, more importantly,
we couldn’t add these groups to our access
control lists. With SecurID, we wanted to get
group information out of Active Directory — a
common approach for most enterprises using
SecurID — but couldn’t make that work either,
even with a Microsoft guru on-site to help.

If your plans for UAG are exclusively built
around a fairly standard Active Directory, and
if you don’t plan on using external sources for
authorization, then UAG’s authentication features
will be quick and easy to use. However,
if you want to integrate your SSL VPN across
other directory services besides Active Directory,
UAG may not work well for you.

Endpoint security: Works fine on Windows

Endpoint security is a commonly used feature
in SSL VPNs because it lets the network
administrator check compliance before letting
a remote system connect. Reflecting its
pre-Microsoft heritage, Forefront UAG offers
two separate ways of handling endpoint security:
a comprehensive and extensive set of
policy building blocks based on UAG-specific
host checking software, or the option to simply
defer to Microsoft’s own network access
control technology built into newer Windows
distributions, Network Access Protection
(NAP). You can also use both.

We dove deepest into the built-in policy
tools, and found that we were able to create
moderately sophisticated access control
policies using a well-designed management
system.

UAG offers the ability to define separate
policies for the major operating systems:
Windows, Mac OS X and Linux. Each policy
can  have  its  own  set  of  rules,  defined  using  a 
typical  Boolean  logic.  Our  example  policy  let 
users  in  if  they  had  Sophos  antivirus  installed, 
running  and  up-to-date,  along  with  either 
the  Sophos  or  Microsoft  personal  firewalls 
installed  and  running.  We  tested  to  be  sure 
that  various  “misconfigurations”  would  block 
us  out,  and  UAG  worked  very  well  here. 

UAG’s capabilities for Mac and Linux
didn’t work as well, although it was not for
lack of trying. UAG has a policy definition
language for both these operating systems.
For example, we could have checked for the
presence of any of 10 different Mac OS X personal
firewalls. That’s what we selected. With
Apple’s Safari and Google’s Chrome browsers,
UAG simply refused to even start its endpoint
compliance checking. With Firefox, we got an
endpoint compliance check, but a false positive:
even with Apple’s firewall turned on, we
couldn’t get in.

It’s possible — even likely — that with sufficient
rooting around in the depths of UAG and
our Mac clients we could make this work, but
our testing shows pretty clearly that it doesn’t
work well out-of-the-box on these operating
systems. Your best bet is not to count on EPS
checking working on non-Windows operating
systems.

Fortunately,  UAG  provides  a  fine-grained 
way  to  control  how  end-point  security 
affects  access.  You  can  require  endpoint 
security  to  “pass”  before  even  letting  the 
user  log  in  as  a  start.  And,  you  can  apply 
individual  (and  different)  policies  to  each 
resource  you  make  available  through  the 
SSL  VPN. 

Access control at the application layer

One of the key features of an SSL VPN is a
greater focus on who is connecting. This lets
the SSL VPN manager enforce user-focused
access controls, rather than simply allowing
everyone who connects to go everywhere in
the network. UAG gives the administrator
the option to define access controls on every
resource individually, as well as to create virtual
systems (UAG calls them “trunks”) that
have separate sets of resources, portal configurations
and access controls.

For user-based controls, the network manager
can block or allow access on an
application-by-application basis at the user ID or
group level (or both). In addition, UAG makes
a distinction between “upload” and “download”
activities. These aren’t done at the user/group
level, but at the application level. This
means that you can, for example, prohibit all
authenticated users from uploading .MP3
files to your Exchange Webmail server, but
allow them to download them.

A  third  type  of  access  control  is  the  ability 
to  broadly  control  allowed  and  disallowed 
URLs  for  every  Web-based  application 
available  through  the  UAG  gateway.  This 
URL-specific  application  control  is  one  of 
the  bits  of  nice  intellectual  property  in  the 
UAG  SSL  VPN  that  isn’t  found  in  most  other 
SSL  VPNs. 

UAG  isn’t  a  full-fledged  application-layer 
firewall,  but  it  has  a  considerable  amount  of 
intelligence  about  what  is  acceptable  for  Web 
traffic  through  the  VPN.  This  helps  to  reduce 
the  possibility  that  an  authenticated  user  will 
try  to  crack  through  internal  applications, 
because  UAG  doesn’t  allow  URLs  that  aren’t 
allowed  for  that  particular  application. 
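
The per-application checks described above (an allowed-URL list for each application, plus separate upload and download rules set at the application level) can be pictured with a short sketch. This is an added illustration, not UAG's rule format or code: `AppPolicy`, `decide()`, the `/webmail` paths and the `gw.example` host are all assumptions made for the example.

```python
import posixpath
import re
from dataclasses import dataclass, field
from urllib.parse import unquote, urlsplit

# Illustrative sketch only: AppPolicy, decide() and the sample paths are
# assumptions made for this example, not UAG's rule format or code.


@dataclass
class AppPolicy:
    allowed_urls: list  # regexes; each must match the whole normalized path
    upload_blocked_ext: set = field(default_factory=set)
    download_blocked_ext: set = field(default_factory=set)


UPLOAD_METHODS = {"POST", "PUT"}


def normalize_path(raw_url):
    """Return a canonical path, or None if the URL should be refused outright."""
    path = unquote(urlsplit(raw_url).path)
    # After one decode, a leftover '%' means double encoding: refuse, don't guess.
    if not path.startswith("/") or any(c in path for c in "%\\\x00"):
        return None
    # Collapse '.', '..' and repeated slashes so the allowlist sees the real target.
    return "/" + posixpath.normpath(path).lstrip("/")


def decide(policies, app, method, raw_url, filename=None):
    """Return (allowed, reason) for one request passing through the gateway."""
    policy = policies.get(app)
    if policy is None:
        return False, "unknown application"
    path = normalize_path(raw_url)
    if path is None:
        return False, "malformed URL"
    if not any(re.fullmatch(rx, path) for rx in policy.allowed_urls):
        return False, "URL not allowed for this application"
    # Direction is an application-level property, independent of user or group.
    direction = "upload" if method.upper() in UPLOAD_METHODS else "download"
    name = filename if filename is not None else posixpath.basename(path)
    ext = posixpath.splitext(name)[1].lower()
    blocked = (policy.upload_blocked_ext if direction == "upload"
               else policy.download_blocked_ext)
    if ext in blocked:
        return False, f"{direction} of {ext} files is blocked"
    return True, "allowed"


# Constructed sample policy: a webmail application that refuses .mp3 uploads
# but still lets users download them.
POLICIES = {
    "webmail": AppPolicy(
        allowed_urls=[r"/webmail(/[A-Za-z0-9_.-]+)*"],
        upload_blocked_ext={".mp3"},
    ),
}

if __name__ == "__main__":
    # Constructed requests: (application, method, URL, uploaded file name)
    samples = [
        ("webmail", "GET", "https://gw.example/webmail/attachments/song.mp3", None),
        ("webmail", "POST", "https://gw.example/webmail/upload", "song.MP3"),
        ("webmail", "GET", "https://gw.example/webmail/../admin/config", None),
        ("wiki", "GET", "https://gw.example/wiki/", None),
    ]
    for app, method, url, fname in samples:
        print(app, method, url, "->", decide(POLICIES, app, method, url, fname))
```

Matching is done on the normalized path, so a request that only looks like it sits under an allowed prefix is judged by where it actually resolves.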

Of course, giving UAG the capability to
understand what is and isn’t legal for each
of your applications doesn’t happen without
some work. UAG has all of Microsoft’s major
enterprise applications built in to its configuration
knowledge, including Exchange Server,
Office Communicator and SharePoint. If
your own application isn’t included, you can
write rules to add it, or you can simply let the
defaults take effect.

The one place where UAG’s access controls
really didn’t measure up was in offering
remote network access (usually called network
extension). With network extension, the
SSL VPN turns into a more traditional VPN
concentrator, giving broad network access to
users who have installed the (Windows only)
client software.

However, access controls don’t really apply
within UAG. Instead, you use the underlying
firewall that protects the UAG server, Microsoft’s
Forefront Threat Management Gateway,
to provide broad-based access controls,
but you can’t apply them on a per-user or
per-group basis through UAG. DirectAccess,
Microsoft’s new IPv6-based VPN technology,
is included in UAG but also does not have any
type of granular access controls.

Management:  A  mixed  bag 

Management is handled through a Windows-based
application. The management tool can
control a single UAG gateway, or a group of
servers acting as a single gateway, but can’t
control multiple independent gateways.
Generally, UAG management is well done
and easy to use. Although UAG sits on top
of both Windows 2008 R2 and Forefront
Threat Management Gateway firewall, you
don’t have to dive into either of those products
very often.

The configuration tool also includes
context-sensitive help, which for the most part
is quite well done. In many important areas,
terms are not defined and necessary details
are missing, so additional work is needed, but
overall the help is there when you need it.

UAG uses a commit model for configuration
changes, although there is no versioning
or rollback capability. However, when you do
commit changes, the gateway management
interface takes care of any changes to the
underlying TMG configuration.

Monitoring and logging tools showed
mixed results in our testing. UAG includes
a Web-based monitoring tool that can display
the status of the entire UAG gateway,
including relevant event log messages. During
normal operations, this will probably be
sufficient. However, debugging and troubleshooting
tools are poorly handled. As we were
trying our various tests, we were constantly
in the dark about why and how something
wasn’t working.

We found a number of unfinished edges
in the product, such as in portal customization
and network extension management,
but following the 80/20 rule, most network
managers will find their configuration and
day-to-day management experience to be
straightforward and efficient.

Impressive  interoperability 

One of the most important parts of an SSL
VPN is the proxying of Web pages from the
original server, through the VPN, to the
user’s browser. With a ton of technologies
on Web sites, including Flash and Javascript,
and with techniques such as AJAX, this is getting
harder each year.

We tested UAG with a full suite of Microsoft
enterprise application servers, including
Exchange 2007, Exchange 2010 and SharePoint.
In each case, UAG was able to flawlessly
pass traffic between the enterprise application
servers and the client Web browser.

With  our  own  Web  applications,  we  had 
only  one  problem,  with  a  Shockwave  Flash 
site,  which  did  not  work  properly  when  sent 
through  the  SSL  VPN.  However,  Javascript 
and  well-  and  poorly  constructed  HTML  all 
worked  fine. 

UAG’s protocol translation facility only
supports one application, CIFS file servers.
Because all CIFS files are seen as a single “file
sharing” link in the Web portal, you don’t
have much granularity of control at the SSL
VPN layer. Instead, Active Directory credentials
are passed down from the UAG system
directly to the file servers and the end file
server access controls define what files you
can and cannot see.

In  other  words,  UAG  doesn’t  restrict 
access  any  more  than  the  file  servers  already 
do  based  on  group  information.  What  UAG 
does  do  is  provide  access  controls  based  on 
endpoint  security  status.  For  example,  the 
test  system  we  used  blocked  uploads  if  your 
antivirus  was  not  up  to  spec,  but  downloads 
were  fine. 

We ran into a couple of bugs in the UAG
file sharing. When used with a pure Active
Directory authentication, everything worked
smoothly. However, if we tried to log in to the
UAG portal with one set of credentials and use
a different set for file sharing, that wouldn’t
work. We also uncovered a bug when uploading
larger files to the UAG file sharing server,
with users getting the dreaded “404 — File or
directory not found” error rather than a more
informative error message.

Network extension also worked well, with
some limitations. UAG supports two types of
network extension: one is based on the original
Whale protocol, and the other is based
on Microsoft’s SSTP protocol. Unfortunately,
Whale supports XP and Vista, while SSTP
is supported on Vista and Windows 7. This
means any company that has both XP and
Vista needs to configure both methods, and
have two access points open.

That’s not hard, and we had no problem setting
that up. The bigger issue is user training,
where Windows 7 users must use a different
client and procedure than Windows XP
users. Also, because SSTP runs over Port 443
and Whale protocol doesn’t, help desks may
run into issues where one works but the other
doesn’t because of some intervening firewall.

The final area we tested was port forwarding,
a technique for exporting single client-server
applications. In Windows clients, this
was easy to configure and worked well. We
used the most common example, Microsoft’s
own terminal services, which is elegantly
supported by UAG. We also tested VNC, a
terminal server used in other operating system
environments, and one of our own SQL
client-server applications, without problems
on Windows platforms.

One of the coolest features of UAG was single
application forwarding. Using this feature,
we could advertise a single application running
on a server through the SSL VPN and
keep the user from getting all the way to the
desktop. On our test Windows client system,
this worked great. Application forwarding,
which is based on an ActiveX control provided
by Microsoft, isn’t supported except in
Internet Explorer browsers. Port forwarding
also worked on both of our test Macintosh client
systems.

Four key components of an SSL VPN

Like all enterprise-class SSL VPNs,
Forefront UAG includes four key
VPN tools:

1. Secure reverse proxy, which
authenticates users and forces all
traffic via an SSL tunnel through
the UAG system before passing it to
the enterprise Web server.

2. Port forwarding, a simple technique
for taking non-Web applications
and wrapping them in an
authenticated SSL tunnel.

3. Protocol translation, which converts
CIFS-based file systems into Web
pages.

4. Network extension, a way of
providing full remote network
access over an SSL tunnel.

In general, we found that UAG was very
interoperable with most Web applications
(Flash being the exception), application port
forwarding, network extension and application
forwarding when used in a Windows
environment. We had less success and more
frustration in the Mac world. Network managers
will be able to use UAG and its associated
tools to make their internal networks
accessible in a safe and controlled way to staff
outside the network boundary.

Portal  customization  conundrums 

One of the main functions of an SSL VPN
is to export Web-based applications, so the
inevitable itch to tinker with how the Web
page looks strikes frequently. UAG doesn’t
make it particularly easy to customize the
look-and-feel of the Web pages. Full control
is there — as long as you feel comfortable diving
into the middle of XML files, ASP.NET
pages, and writing your own Javascript and
Visual Basic.

A few customizations are easy to do. For
example, having inaccessible applications
(for instance, because you’re not allowed to
run them) not show up on the portal is an
important security consideration. UAG also
has the concept of multiple types of devices:
personal computers, handheld devices and
mobile devices; you can block some apps
from showing up on devices that can’t support
them.

On the other hand, some customizations
that every other SSL VPN makes trivial are
painfully difficult. Let’s say you want to put
your logo on the home page, and change the
copyright notice. You can do it, but you have
to navigate a 17MB Web site with 325 files and
35 directories to find the files that you need to
update. UAG also does not support any user
customization of its own portal, such as maintaining
a set of personal bookmarks.

Another piece of portal functionality we
tested was the single sign-on capability.
UAG makes it easy to provide single sign-on
for applications that link to your Active
Directory, simplifying the process for users
and probably increasing security along the
way.

Other parts of single sign-on, though, such
as saving Web-site specific credentials or
using a static password for a Web site, are not
supported well, if at all. This type of authentication
simplification is important when
UAG is used as a portal to internal Web sites
that aren’t connected to Active Directory, or
when using UAG as a reverse proxy portal
to gain access to external Web sites. It’s not
a hard feature to implement — most other
SSL VPNs do it just fine — but UAG doesn’t
have it.

In our testing, links to Web sites — especially
Microsoft Web applications such as
SharePoint and Exchange — that used cached
credentials in Active Directory authenticated
fine without requiring the user to re-login. We
had varying success with non-Active Directory
Web sites, depending on how the Web
site requested login credentials.

Snyder, a Network World Test Alliance
partner, is a senior partner at Opus One
in Tucson, Ariz. He can be reached at
Joel.Snyder@opus1.com.

When it comes to online, in seals we trust


HOW DO you know who to trust? In the real
world, it’s tough. For example, we humans
evolved a number of built-in mechanisms
that were useful back when we were running around the veldt trying
to avoid wolves (or, if you’re a creationist, dinosaurs). But these mechanisms
also addressed the important problem of which humans we
could trust. It was generally a good bet (or, at least, a better bet) that
our family members wouldn’t kill us, so one mechanism we used was
to trust those who look like we do.

Unfortunately,  when  it  comes  to  the  modern  world,  these  kinds  of 
ancient  mechanisms  and,  in  fact,  pretty  much  all  of  the  other  wired-in 
survival  stuff,  is  far  less  useful  than  it  was  in  50,000  B.C.,  or  whenever 
it  was  that  it  got  locked  into  our  genome. 

Not surprisingly, when it comes to the online world, our wired-in stuff
is, at best, useless; at worst, it is a source of cognitive noise that clouds our
judgment. In reality, when we are online, the only things we can rely on
are our own understanding of who or what is on the other end, and our
faith in the other party being who they claim and appear to be.

Both of these concerns boil down to having some reasonable knowledge
of the other party. On the level of one individual to another, this
is pretty easy to achieve, but when it comes to commercial entities that
aren’t major brands such as Bank of America or Sears, how can you
know whether they are trustworthy?

For example, say you’ve just discovered VacuumsRUs.com has
replacement vacuum bags at the best price you can find anywhere.
That’s when it gets tricky. They want you to give them your name,
street and e-mail addresses, credit card data, and perhaps the e-mail
addresses of your friends so they can send your recommendation to
them. But can you trust them? And even if you can trust them not to
sell your data, can you trust them to keep it safe?

One thing that might persuade you to trust them is a certification
mark such as those conferred on Web sites by ControlScan. ControlScan
issues, for a fee, seals for “Business Background Reviewed”, “Registered
Member”, “Privacy Protected” and “Privacy Reviewed”, all of
which sound great. A consumer seeing these marks will most likely
assume they mean something.

It  turns  out  this  would  be  a  mistake.  At  the  end  of  last  month,  the 
Federal  Trade  Commission  (FTC)  announced  that  ControlScan  was 
guilty  of  not  doing  what  it  claimed  to  do,  to  wit,  verify  that  client  Web 
sites  were  adhering  to  safe  data  practices.  Neither  was  it  scanning  the 
sites  as  frequently  as  it  claimed.  In  short,  what  ControlScan  was  doing 
was  completely  bogus. 

The result of the FTC taking legal action was a consent agreement
with ControlScan (this means ControlScan promised to stop what it
was doing) and the founder and former CEO had to forfeit $102,000 in
“ill-gotten gains.” There was also a judgment of $750,000 against ControlScan,
but it was suspended because the company has no money.

It is definitely time for the Web site certification industry to be regulated.
There are all sorts of companies offering these kinds of imprimaturs
and most seals are no more than window dressing. If we don’t
bring this business under control those marks that actually do mean
something and help consumers judge who to trust will be lost in a sea
of scamming. Trust me on this one. ■

Gibbs  believes  in  trust  but  verify  in  Ventura,  Calif.  Your  credulity  to 
backspin@gibbs.com. 

Losing sleep over 3 data breaches in a year


NEVER  MIND  three  strikes  and  you’re  out. 
How  about  three  strikes  and  I’ve  got  to  ask 
myself  if  I  even  want  to  be  in  one  of  your 
hotels  in  the  first  place.  The  question  arises 
after  a  third  reported  incident  in  12  months  involving  the  Wyndham 
Hotels  chain.  Granted,  even  the  most  security-conscious  companies 
can  be  victimized  by  hackers,  but  when  you’ve  had  to  cop  to  a  third  data 
breach  in  less  than  a  year  you’ll  have  to  forgive  prospective  customers 
for  looking  elsewhere  for  shelter.  Or  to  pay  in  cash. 

From  IDG  News  Service  story  on  our  Web  site  last  week:  “Hackers 
were  able  to  steal  data  required  for  credit  card  fraud,  the  company  said, 
including  ‘guest  names  and  card  numbers,  expiration  dates  and  other 
data  from  the  card’s  magnetic  stripe.’” 

The  Wyndham  chain  includes  such  familiar  brand  names  as 
Ramada,  Days  Inn,  Super8,  Howard  Johnson  and  Travelodge. 

Here’s a snippet of the chain’s mea culpa posted to the Wyndham
site: “In addition to ensuring that the hack was immediately terminated
and disabled, we promptly retained a qualified investigator to
assess the problem and ensure that we had isolated it, and then to
help us implement the proper changes to strengthen and improve the
security of our connections with each of our WHR branded properties.
Further, the impacted properties are being separately investigated by
a qualified PCI investigative firm to assess and improve the security at
each hotel property in the system.”

Those are good ideas all, but they would have been even better had
they occurred and been implemented effectively after the breach
Wyndham acknowledged last August.

And  they  would  have  been  a  model  of  corporate  responsibility  had 
they  blossomed  after  the  first  of  the  three  breaches,  which  was  revealed 
to  the  public  six  months  earlier. 

Do I judge Wyndham too harshly? I asked Kelly Todd, a project manager
for DataLossDB, which tracks information about data breaches.
His reply: “Personally, I’d try my best to avoid using any business
that suffered multiple breaches in a relatively short time frame. For
instance, if you swipe your credit card through an ATM that gets a
skimmer attached to it three times in a year, it might be time to switch
ATMs. I don’t see why trusting a hotel chain — or any business for that
matter — with credit card information should be different.”

So  here’s  the  question  I  sent  to  a  pair  of  Wyndham  public  relations 
executives:  “Given  that  this  was  the  third  such  incident  involving 
Wyndham  in  the  past  year  alone,  why  wouldn’t  a  prudent  business 
traveler  or  vacationer  be  well  advised  to  avoid  Wyndham  hotels  rather 
than  risk  being  a  victim  of  the  next  such  incident?” 

Wyndham’s reply: “While no data security policy can guarantee that
unauthorized data access will not happen in the future, we continuously
upgrade, evaluate and monitor our systems to protect customers.
The (latest) computer security incident occurred while Wyndham
was in the process of completely upgrading the information security
specifications for all the Wyndham-branded hotels.”

Sleep  tight.  ■ 

Thoughts?  The  address  is  buzz@nww.com 


